Ever since I was a wee lad I've had a dream .... a dream of being incorrectly assessed as impossibly rich by brain-dead automated analysis. Now with your help I can be!

Here is how it works: A lot of people mistakenly assume that when a transaction spends from multiple addresses all those addresses are owned by the same party. This is commonly the case, but it doesn't have to be so: people can cooperate to author a transaction in a secure and trustless manner. We can make it a lot easier for people making this mistake to discover their folly by making there be a single address that seems linked to everything.

So I'm generously offering to link my forum signature address with the universe. Here is where you come in: I need someone to provide the universe.

Here is how it works: You write a transaction that spends some of your coins, and one of my 1GMaxweLLbo8mdXvnnC19Wt2wigiYUKgEB coins:

You send your coins back to a (new) address of yours and you send my 1 BTC back to me at 1GMaxweLLbo8mdXvnnC19Wt2wigiYUKgEB.

You sign this transaction— but it's not valid until both of us sign it. You send it to me (via PM, anonymous gpg encrypted email, or a post in this thread) and if I like your proposed transaction I'll sign it and announce it. If you think your proposal is especially attractive— e.g. you're going to link me to a 100,000 BTC coin, maybe you don't send all of that 1 BTC back to me, and maybe I'll still accept your offer (but someone else may offer a linkage just as good for less, so bid wisely!). The most attractive offers will involve very high value coins, or coins from well known public addresses, and will either give me all my coin back, or even more.

After I accept whatever offer I accept, I'll post a new coin of mine for people to attempt to spend... and we'll keep it up until people who think simplistic 'taint' analysis works get a clue.

To actually do this in bitcoin-qt/bitcoind open up the console (in the GUI, help->debug->console) and run

You'd replace 1AywL2iC7ywJCTtXb8G49WeWgEL9qCBh61 with an address of yours, and the 0.01456 with the amount of that coin— or less if you intend on giving away some of that money as fees or giving it to me to support this fun project (if you're going to give to me or try taking from me, adjust the amount for 1GMaxweLLbo8mdXvnnC19Wt2wigiYUKgEB). In any case the value of my input is 1 BTC; the sum of outputs must be equal to or less than the inputs— any unaccounted-for coin is fees.

You leave the second txid/vout alone (or replace it with one from later in this thread)— that's my coin that you'll be spending. If you want to be advanced about it you can spend several of your coins, or even get a couple of friends to each chip in a coin.
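As an added illustration (not the console command from the post, which is missing above), here is a small Python helper that assembles the two JSON arguments createrawtransaction takes for a joint spend like the one described: your coin(s) plus the other party's coin as inputs, your change address and their return address as outputs, with the fee computed as whatever input value the outputs leave unclaimed. The txids, the vout indexes and the 0.01456 coin are constructed sample values; the two addresses are the ones named in the post.

```python
import json
from decimal import Decimal

# Constructed sample data, not values from the thread. Amounts are Decimal
# because float would silently round 8-decimal satoshi values.
THEIR_ADDRESS = "1GMaxweLLbo8mdXvnnC19Wt2wigiYUKgEB"  # address named in the post
YOUR_ADDRESS = "1AywL2iC7ywJCTtXb8G49WeWgEL9qCBh61"   # placeholder in the post; use your own
YOUR_COINS = [  # shaped like listunspent entries: txid, vout index, amount
    {"txid": "aa" * 32, "vout": 1, "amount": Decimal("0.01456")},
]
THEIR_COIN = {"txid": "bb" * 32, "vout": 0, "amount": Decimal("1")}


def build_joint_tx(your_coins, your_addr, your_change, their_coin, their_addr, their_return):
    """Return (inputs, outputs, fee): the two createrawtransaction arguments plus the implied fee.

    Each input is (txid, vout), where vout is the index of the output being spent
    inside that earlier transaction. Outputs are address -> amount and get their own
    indexes from their position here. Input value not claimed by an output is the fee,
    so it is computed rather than written as an output; a negative fee means the
    proposal spends more than it has and the network would reject it.
    """
    total_in = sum(c["amount"] for c in your_coins) + their_coin["amount"]
    fee = total_in - your_change - their_return
    if fee < 0:
        raise ValueError("outputs exceed inputs by %s BTC" % -fee)
    inputs = [{"txid": c["txid"], "vout": c["vout"]} for c in your_coins + [their_coin]]
    outputs = {your_addr: your_change, their_addr: their_return}
    return inputs, outputs, fee


def console_line(inputs, outputs):
    """Render the console command; each party then runs signrawtransaction on the result."""
    return "createrawtransaction '%s' '%s'" % (
        json.dumps(inputs), json.dumps(outputs, default=lambda d: float(d)))


def returned_to(outputs, addr):
    """Amount a proposal pays back to addr; the coin's owner checks this before signing."""
    return outputs.get(addr, Decimal("0"))


if __name__ == "__main__":
    ins, outs, fee = build_joint_tx(YOUR_COINS, YOUR_ADDRESS, Decimal("0.014"),
                                    THEIR_COIN, THEIR_ADDRESS, Decimal("1"))
    print(console_line(ins, outs))
    print("fee left to miners:", fee, "BTC; returned to partner:", returned_to(outs, THEIR_ADDRESS))
```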

I hope it leads to people discovering how they can do a "fungibility project". You know, a project that increases the fungibility of all bitcoins. One that auto-swaps coins with strangers in IRC using this very same flow you've got going here.

One that auto-swaps coins with strangers in IRC using this very same flow you've got going here.

I've actually done this manually a few times with a few different people— well, IRC messages are too short for most transactions. but encrypted pastebins work. I thought it would be fun to get more people involved.

The only reason is privacy— making a joint transaction hides ownership but if the pastebin is made public that sort of undoes the effect. For a fun project like this it may not matter to you— e.g. my 1GMaxwell address is very public. But if you don't want people to know that you own 100,000 BTC then you wouldn't want to post the txn under your name. If you send it to me anonymously then even I won't know.

* What exactly is the meaning of the Vout (Value out?) integer? In the input part of the transaction you specify the vout of your input based on the output of 'listunspent', so I guessed it was a local (wallet-specific) identifier; however, we also specify the vout of your input (as 0), and if this was the case there would be no way to know that. Finally, for the decoded transaction we see that the output, after the transaction is signed, broadcast and added to a block, is also called vout, to make it a little more confusing.

* Each output in the vout of the decoded raw transaction has an array of addresses (in the example the arrays of both outputs have length 1). Does specifying multiple addresses in this array create a multi sig output? If not, what would it mean?

* Finally, I have never been able to find a quick and easy explanation/howto/whatever of all (or at least the most important) OP Codes. If this exists somewhere I'd love a link.

A transaction can have multiple outputs— e.g. when you send some coin to someone and send the rest back in change, or when you pay multiple parties at once. Vout is just an index— in createrawtransaction it indicates which of potentially multiple outputs are being spent. In the decode you see the indexes of the newly created outputs.

Quote

* Each output in the vout of the decoded raw transaction has an array of addresses (in the example the arrays of both outputs have length 1). Does specifying multiple addresses in this array create a multi sig output? If not, what would it mean?

Yes, if there are multiple addresses there, it's a multisig output.

Quote

* Finally, I have never been able to find a quick and easy explanation/howto/whatever of all (or at least the most important) OP Codes. If this exists somewhere I'd love a link.

How to become MtGox: Send e.g. 1 Bitcent to a completely new address, then send half of that + some other change from one of your other addresses to one of your regular ones (or another new one) and let the other half bitcent be imported to MtGox via the import private key feature. This would make it seem as if MtGox (who probably swipe that half Bitcent asap, most likely together with some other coins) now also owns all of your other addresses...

This should work anywhere that lets you import private keys and subsequently transfers coins off these keys.

Anyways, I guess by doing stuff as you proposed, you just make it a bit harder again, but not impossible to still cluster addresses.

2409f355c8910721fbbb5c54a01b8f9c692cfb292c3b4f7baf5b8151e44fef21 is the first accepted offer, this one received over GPG-email. Accepting it was a no-brainer: It made a clever and quite generous 10 BTC multi-signature donation to the developers. I've updated the message to indicate bbeacff94c2d20df8eb4e5556b38977863b4548c79105b10da943cd2eecddd80:0 (also 1 BTC) as the new output of mine to spend.

Loaded: Slightly too slow, 1d7b37fa is now spent. Compute and sign your very impressive transaction again with bbeacff.

I am thinking of this as a program that runs all day and night and promiscuously finds random swapping partners, repeatedly swapping coins as soon as they meet a minimum threshold for confirmations. I suppose if such an application wants a dependency on a pastebin site that doesn't mind being polluted with transient traffic and doesn't require a captcha, it would work.

Such traffic could be broken into multiple IRC messages to avoid need for pastebin. It could also do direct client to client communications.

Ideally it should be some meeting point over Tor so that there is no incentive to try to record IPs. Though I'd prefer, instead of opportunistically swapping, that it rather had lots of people indicate an intent to swap, and then when you want to make a transaction, you'd jointly create a swap-and-pay transaction. This avoids bloating the blockchain with a bunch of pure swapping and would further improve privacy, as you wouldn't know _which_ outputs were swapping and which were payments. Payments to common anonymous donation addresses could even be merged.

This is an interesting idea.

Is there a legitimate usage for a bot like this besides confusing taint analysis? I'm not sure if you guys really care at this point or even at all, but running software designed essentially to launder coins sounds like it could potentially get someone in trouble.

Well, the application is that websites like blockchain.info post analysis for everyone to see— screwing up the privacy of Bitcoin in practice. I don't have much need for anonymity, but not having everyone from your nosy neighbors to random thieves knowing all your financial activity is both a matter of human dignity and basic safety. The basic design of Bitcoin should be reasonably private if used right, but people frequently reuse addresses and do other things that gum it up.

Making joint payments can reclaim some of that privacy (but I'm far from convinced that it would thwart serious forensic analysis) and also reduce the total number of transactions being made.

Besides, there are already many mixers: But the issue with them is that they're centralized services. When you deposit your coins there is a risk the operator will steal them (or get them stolen). They charge fees... and the operator may be spying and recording all the linkages anyways. With those kinds of properties they're services which are less useful for casual privacy— and only really attractive to the kind of nefarious activity which I don't endorse.

Joint transactions can also be used to have people securely pool funds to pay for common work. E.g. "I'll post pics with a shoe on my head if y'all raise 10 BTC" and other neat things especially when you factor in the other scriptsig types.

Yes, it's not new— In fact, I made the first one of these transactions in 2011. But it's also not widely known.... not widely used enough that people attempting taint analysis get big obvious failures that make them question their premises.